Skip to content
Threat Feed
high advisory

NousResearch hermes-agent Missing Authorization Vulnerability (CVE-2026-9350)

A missing authorization vulnerability (CVE-2026-9350) exists in NousResearch hermes-agent up to version 2026.4.16, affecting the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component, enabling remote attackers to bypass authorization checks.

A missing authorization vulnerability, identified as CVE-2026-9350, affects NousResearch hermes-agent up to version 2026.4.16. The flaw resides within the check_all_command_guards function in the tools/approval.py file, a part of the Batch Runner component. Successful exploitation of this vulnerability allows remote attackers to bypass authorization checks, potentially leading to unauthorized command execution or data access. Publicly available exploit code exists, increasing the risk of exploitation. The vendor was notified but has not responded. This vulnerability was published on 2026-05-24.

Attack Chain

  1. Attacker identifies a vulnerable hermes-agent instance running a version prior to 2026.4.16.
  2. The attacker crafts a malicious request targeting the Batch Runner component.
  3. The request is designed to invoke functionality that relies on the check_all_command_guards function.
  4. Due to the missing authorization check, the attacker bypasses the intended access controls.
  5. The attacker executes unauthorized commands or accesses restricted data within the Batch Runner component.
  6. The attacker leverages the unauthorized access to escalate privileges or gain further control over the system.
  7. The attacker may install malware, exfiltrate sensitive data, or disrupt services.

Impact

Successful exploitation of CVE-2026-9350 can lead to unauthorized access to sensitive data, execution of arbitrary commands, and potential system compromise. This can result in data breaches, service disruption, and reputational damage. The fact that the exploit is publicly available increases the likelihood of widespread exploitation.

Recommendation

  • Upgrade NousResearch hermes-agent to a version later than 2026.4.16 to remediate CVE-2026-9350.
  • Monitor network traffic for suspicious requests targeting the Batch Runner component of hermes-agent using the “Detect Suspicious Hermes-Agent Batch Runner Requests” Sigma rule.
  • Deploy the “Detect Unauthorized Command Execution via Hermes-Agent” Sigma rule to identify potential exploitation attempts.

Detection coverage 2

Detect Suspicious Hermes-Agent Batch Runner Requests

medium

Detects suspicious HTTP requests to the Hermes-Agent Batch Runner component, potentially indicating CVE-2026-9350 exploitation attempts.

sigma tactics: initial_access techniques: T1190 sources: webserver

Detect Unauthorized Command Execution via Hermes-Agent

high

Detects CVE-2026-9350 exploitation — Monitors process creation events for commands executed by the hermes-agent process without proper authorization, potentially indicating exploitation of the missing authorization vulnerability.

sigma tactics: execution techniques: T1059.004 sources: process_creation, windows

Detection queries are available on the platform. Get full rules →